What is Two-Factor Authentication?
Two-factor authentication increases your account security by adding an additional layer of verification when you log in. Each time you log in, you will be asked to provide not only your login and password, but also an additional authentication token, which changes periodically and is typically generated on your mobile device (phone or tablet). This means that even when someone knows your username and password, they still won’t be able to log in unless they have access to your mobile device.
We strongly recommend that you use two-factor authentication for the safety of your account.
- You can activate two-factor authentication by going to Matomo settings > Personal > Security.
- Click Turn on Two-Factor Authentication. When you set this up, make sure to back up your recovery codes (ideally in your encrypted password manager) in case you lose your mobile device or can no longer access it.
Superusers with 2FA enabled can force all users to log in using a two-factor authentication method:
- Navigate to Matomo settings > System > General settings > Two Factor Auth.
- Click the checkbox setting Require two-factor authentication for everyone and save your changes.
- The Superuser must already have 2FA set up to enable this setting.
Please note that when you issue an API request, or authenticate using your authentication token (for example when you export widgets), the two-factor authentication code is not verified.
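Because token-authenticated requests skip the two-factor check, it is useful to know where tokens are actually being used. The following Python example is added here and is not part of Matomo; it assumes a combined-format web server access log and tokens passed in the `token_auth` URL parameter, and the sample log lines are constructed.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic or tokens).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:12:01 +0000] "GET /index.php?module=API&method=VisitsSummary.get&idSite=1&period=day&date=today&format=json&token_auth=aaaabbbbccccdddd HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:09:13:44 +0000] "GET /index.php?module=Widgetize&action=iframe&idSite=1&token_auth=aaaabbbbccccdddd HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:09:15:10 +0000] "GET /index.php?module=CoreHome&action=index&idSite=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:09:20:31 +0000] "GET /index.php?module=API&method=UsersManager.getUsers&token_auth=eeeeffff00001111 HTTP/1.1" 200 900 "-" "python-requests/2.31"
"""

# Client address, request target and status from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')

def token_fingerprint(token):
    """Short SHA-256 prefix, so reports never contain the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def token_auth_usage(log_text):
    """Map token fingerprint -> {client IP: request count} for requests
    that carried token_auth and were therefore not subject to 2FA."""
    usage = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, _status = m.groups()
        params = parse_qs(urlsplit(target).query)
        for token in params.get("token_auth", []):
            usage[token_fingerprint(token)][ip] += 1
    return {fp: dict(ips) for fp, ips in usage.items()}

def tokens_seen_from_multiple_ips(log_text):
    """Fingerprints of tokens used from more than one client address."""
    usage = token_auth_usage(log_text)
    return sorted(fp for fp, ips in usage.items() if len(ips) > 1)

if __name__ == "__main__":
    for fp, ips in token_auth_usage(SAMPLE_LOG).items():
        print(fp, ips)
    print("multiple IPs:", tokens_seen_from_multiple_ips(SAMPLE_LOG))
```

Tokens sent in a POST body do not appear in access logs, so this only covers tokens passed in the URL.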